Matthew Holt
b249b45d10
tls: Change struct fields to pointers, add nil checks; rate.Burst update
...
Making them pointers makes for cleaner JSON when adapting configs; if
the struct is empty, it will now be omitted entirely.
The x/time/rate package was updated to support changing the burst, so
we've incorporated that here and removed a TODO.
2019-09-30 09:07:43 -06:00
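The omission the commit describes comes from a rule in Go's encoding/json rather than from anything Caddy does itself: `omitempty` drops a nil pointer, but it never drops a struct held by value, even when every field of that struct is zero. The following is an added example (not code from the Caddy repository; the type and field names are hypothetical) that shows the two encodings side by side and the nil check that pointer fields force on every reader of the config:

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Added example, not Caddy's code. The type names are hypothetical; the
// point is the encoding/json rule: omitempty never omits a struct value,
// but it does omit a nil pointer.
type ticketKeys struct {
	Disabled bool `json:"disabled,omitempty"`
}

// valueConfig embeds the sub-config by value: omitempty cannot drop it, so
// an adapted config always carries "session_tickets":{}.
type valueConfig struct {
	Tickets ticketKeys `json:"session_tickets,omitempty"`
}

// pointerConfig embeds it by pointer: a nil pointer marshals to nothing.
type pointerConfig struct {
	Tickets *ticketKeys `json:"session_tickets,omitempty"`
}

func marshalValue() string {
	b, _ := json.Marshal(valueConfig{})
	return string(b)
}

func marshalPointer() string {
	b, _ := json.Marshal(pointerConfig{})
	return string(b)
}

// ticketsDisabled is the nil check every consumer of a pointer field now
// needs: reading c.Tickets.Disabled through a nil pointer panics at runtime.
func ticketsDisabled(c pointerConfig) bool {
	return c.Tickets != nil && c.Tickets.Disabled
}

func main() {
	fmt.Println("by value:  ", marshalValue())   // {"session_tickets":{}}
	fmt.Println("by pointer:", marshalPointer()) // {}
	fmt.Println("disabled with nil pointer:", ticketsDisabled(pointerConfig{}))
}
```

The trade-off the commit title alludes to ("add nil checks") is visible in `ticketsDisabled`: a pointer field makes the JSON cleaner, but an unguarded dereference of an absent sub-config is now a crash rather than a zero value.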
Matthew Holt
7b33c8db31
tls: Make cert and OCSP check intervals configurable
...
This enables use of ACME CAs that issue shorter-lived certs
2019-09-24 17:04:03 -07:00
Matt Holt
11696793bd
tls/acme: Ability to customize trusted roots for ACME servers (#2756)
...
Closes #2702
2019-09-24 15:46:39 -07:00
Matthew Holt
19f36667f7
tls: Clean up expired OCSP staples and certificates
2019-09-17 16:00:15 -06:00
Matthew Holt
f15f0d5839
Eliminate some TODOs
2019-09-14 18:05:45 -06:00
Matthew Holt
839507e24e
http: Consider wildcards when evaluating automatic HTTPS
2019-09-13 11:46:58 -06:00
Matthew Holt
ed40a5dcab
tls: Do away with SetDefaults which did nothing useful
...
CertMagic uses the same defaults for us
2019-09-12 17:31:54 -06:00
Matthew Holt
7799554baa
go.mod: Use lego v3 and CertMagic 0.7.0
2019-09-12 17:31:10 -06:00
Matthew Holt
2cb01d43cf
tls: Remove support for TLS 1.0 and TLS 1.1
2019-09-11 22:26:06 -06:00
Matthew Holt
b4dce74e59
tls: Use Let's Encrypt production endpoint
...
We're done testing this in staging
2019-09-11 18:52:07 -06:00
Matthew Holt
1ce10b453f
Require Go 1.13; use Go 1.13's default support for TLS 1.3
2019-09-10 13:11:27 -06:00
Alexandre Stein
50961ecc77
Initial implementation of TLS client authentication (#2731)
...
* Add support for client TLS authentication
Signed-off-by: Alexandre Stein <alexandre_stein@interlab-net.com>
* make and use client authentication struct
* force StrictSNIHost if TLSConnPolicies is not empty
* Implement leaf verification
* Fixes issue when using multiple verifications
* Applies the comments from maintainers
* Apply comment
* Refactor/cleanup initial TLS client auth implementation
2019-09-03 09:35:36 -06:00
Matthew Holt
c9980fd367
Refactor Caddyfile adapter and module registration
...
Use piles from which to draw config values.
Module values can return their name, so now we can do two-way mapping
from value to name and name to value; whereas before we could only map
name to value. This was problematic with the Caddyfile adapter since
it receives values and needs to know the name to put in the config.
2019-08-21 10:46:35 -06:00
Matthew Holt
ab885f07b8
Implement config adapters and beginning of Caddyfile adapter
...
Along with several other changes, such as renaming caddyhttp.ServerRoute
to caddyhttp.Route, exporting some types that were not exported before,
and tweaking the caddytls TLS values to be more consistent.
Notably, we also now disable automatic cert management for names which
already have a cert (manually) loaded into the cache. These names no
longer need to be specified in the "skip_certificates" field of the
automatic HTTPS config, because they will be skipped automatically.
2019-08-09 12:05:47 -06:00
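Two entries on this page touch the same decision: the "http: Consider wildcards when evaluating automatic HTTPS" commit above, and this one, which stops automating names that a manually loaded certificate already covers. Getting that coverage test right matters for security: a wildcard in a loaded certificate must be read the way RFC 6125 section 6.4.3 (and Go's crypto/x509) reads it, as exactly one left-most label, or a site can end up either with a needless ACME issuance or, worse, believing a name is covered when the certificate would not actually validate for it. The following is an added example, not Caddy's or CertMagic's code; the function names and the shape of the skip list are assumptions made for illustration:

```go
package main

import (
	"fmt"
	"strings"
)

// hostMatchesName reports whether a certificate name covers host.
// Following RFC 6125 section 6.4.3, a wildcard is honored only as the entire
// left-most label and matches exactly one label: "*.example.com" covers
// "www.example.com" but neither "example.com" nor "a.b.example.com".
// Added example; not the project's matching code.
func hostMatchesName(certName, host string) bool {
	certName = strings.ToLower(strings.TrimSuffix(certName, "."))
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	if !strings.HasPrefix(certName, "*.") {
		return certName == host
	}
	suffix := certName[1:] // ".example.com"
	if !strings.HasSuffix(host, suffix) {
		return false
	}
	label := strings.TrimSuffix(host, suffix)
	return label != "" && !strings.Contains(label, ".")
}

// covered reports whether any name in names (SANs of manually loaded
// certificates) applies to host, wildcards included.
func covered(host string, names []string) bool {
	for _, n := range names {
		if hostMatchesName(n, host) {
			return true
		}
	}
	return false
}

// inSkipList is an exact, case-insensitive match against an explicit
// skip list (the hypothetical equivalent of a skip_certificates field).
func inSkipList(host string, skip []string) bool {
	for _, s := range skip {
		if strings.EqualFold(strings.TrimSuffix(s, "."), strings.TrimSuffix(host, ".")) {
			return true
		}
	}
	return false
}

// namesNeedingAutomation returns the configured hostnames that neither a
// loaded certificate nor the skip list accounts for; only these should be
// handed to ACME automation.
func namesNeedingAutomation(hosts, loadedNames, skipList []string) []string {
	var out []string
	for _, h := range hosts {
		if covered(h, loadedNames) || inSkipList(h, skipList) {
			continue
		}
		out = append(out, h)
	}
	return out
}

func main() {
	// Constructed sample input: one wildcard cert loaded, one name skipped.
	hosts := []string{"example.com", "www.example.com", "api.example.com", "other.test"}
	loaded := []string{"*.example.com"}
	skip := []string{"other.test"}
	fmt.Println("needs automation:", namesNeedingAutomation(hosts, loaded, skip)) // [example.com]
}
```

Note that the bare apex `example.com` is not covered by `*.example.com` and so still needs its own certificate; a matcher that treats the wildcard as a prefix would silently skip it.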
Matthew Holt
28df6cedfe
tls: Use IANA-standard cipher suite names
2019-07-18 09:52:43 -06:00
Matthew Holt
dd6aa91d72
Fix DNS provider module unmarshaling (closes #2676)
2019-07-18 09:15:23 -06:00
Matthew Holt
79216d356c
acmemanager: Use storage module key "module" instead of "system"
2019-07-05 09:59:46 -06:00
Matthew Holt
fdd871e177
go.mod: Append /v2 to module name; update all import paths
...
See https://github.com/golang/go/wiki/Modules#semantic-import-versioning
2019-07-02 12:37:06 -06:00
Matthew Holt
533d1afb4b
tls: Enable TLS 1.3 by default; set sane defaults on tls.Config structs
2019-07-01 11:47:46 -06:00
Matthew Holt
3177ee8010
Add license
2019-06-30 16:07:58 -06:00
Matthew Holt
2b22d2e6ea
Optionally enforce strict TLS SNI + HTTP Host matching, & misc. cleanup
...
We should look into a way to enable this by default when TLS client auth
is configured for a server
2019-06-26 16:03:29 -06:00
Matthew Holt
38677aaa58
caddytls: Support tags for manually-loaded certificates
2019-06-24 12:16:10 -06:00
Matthew Holt
81a9e125b5
Oops
2019-06-21 08:52:15 -06:00
Matthew Holt
269b1e9aa3
tls: Improve (and fix) on-demand configuration
2019-06-20 20:36:29 -06:00
Matthew Holt
6706c9225a
Implement templates handler; various minor cleanups and bug fixes
2019-06-18 11:13:12 -06:00
Matthew Holt
5137859e47
Rename caddy2 -> caddy
...
Removes the version from the package name
2019-06-14 11:58:28 -06:00
Matthew Holt
b79f86f256
Fix bugs related to auto HTTPS and alternate port configurations
2019-06-04 22:43:21 -06:00
Matthew Holt
613aecb898
Change import paths to GitHub package names
2019-06-04 13:52:37 -06:00
Matthew Holt
f064889a4f
Customize admin endpoint address with -listen flag
...
This is a temporary holdover for development purposes
2019-06-03 15:35:14 -06:00
Matthew Holt
3439933235
Implement session ticket keys; default STEK module with rotation
2019-05-29 23:11:46 -06:00
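Session ticket encryption keys (STEKs) are the part of TLS session resumption that can quietly undo forward secrecy: whoever holds the key that encrypted a ticket can recover that session's keys, so a ticket key that lives for months protects traffic no better than a long-lived static key would. Rotation bounds that exposure. The following is an added example, not the default STEK module this commit introduces, of the ring-based rotation that Go's crypto/tls supports through `SetSessionTicketKeys`, which uses the first key to encrypt new tickets and tries all of them when decrypting. The type and function names are assumptions for illustration:

```go
package main

import (
	"context"
	"crypto/rand"
	"crypto/tls"
	"fmt"
	"sync"
	"time"
)

// stekRotator keeps a short ring of ticket keys. The newest key is at
// index 0 and encrypts new tickets; older keys stay only so tickets issued
// under them remain resumable until they age out of the ring.
// Added example; not the project's STEK module.
type stekRotator struct {
	mu      sync.Mutex
	keys    [][32]byte
	maxKeys int
}

// newSTEKRotator creates a rotator holding at most maxKeys keys and seeds
// it with one fresh key so the ring is never empty.
func newSTEKRotator(maxKeys int) (*stekRotator, error) {
	r := &stekRotator{maxKeys: maxKeys}
	if _, err := r.rotate(); err != nil {
		return nil, err
	}
	return r, nil
}

// rotate generates a fresh random key, pushes it to the front, and drops
// the oldest key once the ring exceeds maxKeys. It returns the new ring.
func (r *stekRotator) rotate() ([][32]byte, error) {
	var k [32]byte
	if _, err := rand.Read(k[:]); err != nil {
		return nil, err
	}
	r.mu.Lock()
	defer r.mu.Unlock()
	r.keys = append([][32]byte{k}, r.keys...)
	if len(r.keys) > r.maxKeys {
		r.keys = r.keys[:r.maxKeys]
	}
	return r.current(), nil
}

// current returns a copy of the ring so callers cannot mutate it in place.
func (r *stekRotator) current() [][32]byte {
	out := make([][32]byte, len(r.keys))
	copy(out, r.keys)
	return out
}

// install publishes the current ring to cfg. crypto/tls encrypts with
// keys[0] and accepts tickets under any key in the slice.
func (r *stekRotator) install(cfg *tls.Config) {
	r.mu.Lock()
	defer r.mu.Unlock()
	cfg.SetSessionTicketKeys(r.keys)
}

// run rotates on every tick and re-installs the ring until ctx is done.
func (r *stekRotator) run(ctx context.Context, cfg *tls.Config, every time.Duration) error {
	r.install(cfg)
	t := time.NewTicker(every)
	defer t.Stop()
	for {
		select {
		case <-ctx.Done():
			return ctx.Err()
		case <-t.C:
			if _, err := r.rotate(); err != nil {
				return err
			}
			r.install(cfg)
		}
	}
}

func main() {
	r, err := newSTEKRotator(3)
	if err != nil {
		panic(err)
	}
	cfg := &tls.Config{}
	ctx, cancel := context.WithTimeout(context.Background(), 55*time.Millisecond)
	defer cancel()
	_ = r.run(ctx, cfg, 10*time.Millisecond) // a real deployment rotates hourly or daily
	fmt.Println("keys in ring after rotation:", len(r.current()))
}
```

The ring size times the rotation interval is the longest a ticket stays resumable, and also the longest window in which compromise of the process recovers past sessions; a typical choice is a handful of keys rotated on the order of hours. In a cluster every server needs the same ring at the same time, which is why a distributed STEK module keys the rotation off shared storage rather than a local timer.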
Matthew Holt
da6a8cfc86
Minor cleanups
2019-05-28 18:52:21 -06:00
Matthew Holt
9cd6f35e9d
Separate out certificate selection
2019-05-27 11:31:47 -06:00
Matthew Holt
210d0cf7f1
Implement custom cert selection policies; optimize matching for SNI
2019-05-24 13:18:45 -06:00
Matthew Holt
be9b6e7b57
Honor the configured CA value
2019-05-21 14:22:33 -06:00
Matthew Holt
2fd98cb040
Module.New() does not need to return an error
2019-05-21 14:22:21 -06:00
Matthew Holt
1f0c061ce3
Architectural shift to using context for config and module state
2019-05-16 16:05:38 -06:00
Matthew Holt
f9d93ead4e
Rename and export some types, other minor changes
2019-05-14 14:14:05 -06:00
Matthew Holt
48b5a80320
Remove (unimplemented) enterprise TLS matchers
2019-05-07 11:58:58 -06:00
Matthew Holt
5859cd8dad
Instantiate apps that are needed but not explicitly configured
2019-04-29 09:22:00 -06:00
Matthew Holt
43961b542b
General cleanup and more godocs
2019-04-26 12:35:39 -06:00
Matthew Holt
2d056fbe66
Initial commit of Storage, TLS, and automatic HTTPS implementations
2019-04-25 13:54:48 -06:00